I am testing the Prevention appliance to catch up emails that use confidential content and it works fine, but i am facing a weird behaviour that i cant figure out... DLP Prevent sends two notification emails at the same time to the email sender. Is it something that i miss here ?
What software version do you have installed on your Prevent appliance? Can you also confirm that you configured Prevent and the MTA as per the product documentation?
If you can please post a sample header from the duplicated Prevent notifications so we can advise further.
FAQs for Network DLP - http://kc.mcafee.com/corporate/index?page=content&id=KB77088
FAQs for Email Gateway 7.x - http://kc.mcafee.com/corporate/index?page=content&id=KB76144
I will frequently see duplicate rules. If you have two rules matching on the same thing, even if the rules themselves are somewhat different, you can have two emails sent. If you look for incidents for the original email are there two?
I will also see duplicate incidents if a Email Gateway is not excluded in the Monitor capture filters (if that is in use). We don't need to see an incident once from the Prevent and once from the Monitor.